Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
DataHub / Product Demos / 12 Sep 2022
DataHub / Product Demos / 12 Sep 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Sneak Peek: DataHub Roles

Description

Aditya Radhakrishnan (Acryl Data) provides a sneak peek of role-based access controls into DataHub during the August 2022 Town Hall.

Learn more about DataHub: https://datahubproject.io
Join us on Slack: http://slack.datahubproject.io
Follow us on Twitter: https://twitter.com/datahubproject

A

Cool you're good to go, my name is adithya and I'm going to talk a little bit about how we're introducing role-based access control into data hub cool. So let's give a quick overview of how like existing permissions work so right now we have um data hub policies right, um so the pros are they're. Super powerful, very granular can allow permissions based on, like you, know, specific domains.

A

I can say this group can do these things or these users can do these things, or maybe I just want owners of an asset to be able to perform certain actions and there's tons of permissions. Each action on data hub has its own permission right. Unfortunately, sometimes it's really complicated for those unfamiliar with data hub to manage. You know this is feedback. We've repeatedly received from uh all of you in the community, and it can also be challenging sometimes to diagnose, like you know, which policy like gives you permission to take a certain action.

A

So we wanted to simplify permissions and we we thought roles makes a lot of sense.

A

Our vision is that we want this to be the default for most data hub users like going forward, so roles is going to have it's based on our existing policy system um and each role is mapped to like a few specific policies under the hood, but you know for administrators. It should be as simple as like. I assign someone to the admin role or to the reader role, and they should just be able to do what they need to do cool alrighty, let's get into the demo.

A

How do I unpresent this?

A

There we go cool. Are you guys able to see my data hub instance? We are awesome, so I am right now in this new permissions tab. You can see. I have roles now as well as policies.

A

So if I go back to roles um right now, the three default roles that we're going to ship with for the first iteration is this editor role, this admin role and the reader role. You can see these descriptions, um you know for what they're able to do here but reasonably self-explanatory.

A

um I can click into this and get like. You know see that description again and see which users have this role. I also have this add users button here that I can use to batch, assign um a bunch of users to that role.

A

um Additionally, uh you can go to the policies page and, like you know, if I click on this admins policy, you can see like um you know. This is uh this: is the policy that this role is actually using under the hood? Well, there's two policies but yeah um and then on the users and groups page. I can also like, if I'm an admin- and I have the right permissions- it's really easy for me to just change the um the role that uh user has. So this person is an editor that was actually a mistake.

A

I've decided that they should be a reader. Let's reassign them see what happens.

A

Cool you see that now they're a reader all right. Now, I'm going to perform a magic trick for you all, because you know we want to see that this actually works right. So I'm going to invite a new user um you'll see that they won't be able to manage users and groups, because right now, that's something you need the admin role to do and then we'll assign them to be an admin and then you'll see that they'll be able to have a full list of permissions alrighty.

A

Let's do this, I'm going to log out.

A

Let's use this invite link.

A

Let's say: town hall is our name.

A

I am a data engineer.

A

Cool, so if I go to the settings tab you can see like, I don't have that users and groups or permissions tabs that I could see before right when I was logged in as the root user. So let me go back to the user. Who is an admin, as you saw previously,.

A

Let's go to using groups. Okay, I see in red that this person doesn't have a role, so I want to assign them a role. um I think that they should be an admin. Yes, I would like to assign them that role. Let's wait for that to change.

A

Okay, awesome! Now, let's log back in as town hall and, let's see if, if this worked.

A

Fantastic, I can see users and groups and permissions. It all works great. Okay, um let me go back to my slide.

A

Okay, cool, so what's next, um so just want to throw this caveat out there. Some parts of the ui the names have not been fully finalized. If you have some feedback love to hear it, um we also want to be able to uh as a the following items are actually follow-ups and won't be included in the first release.

A

We also want it to make it easy for admins to send invite links to users to invite them into a role. So um you know you won't have a default role to begin with, at least on this first iteration, but, like you know, I can just send a link to everyone in this group and be like hey. You guys should all be editors. Just click on this link and you'll be assigned that role.

A

um Another feature that we want to build out is rolled mapping, so you know um if you use like an identity provider like azure, ad or octa, you may already have like um some notion of roles there, and we want to make it easy for you to map those external roles into these data hub rules.

A

We also would like to support building out custom roles at some point in addition to these default roles. So you know look for that in the future.

A

Another thing that we would like to do is that we want to make it easily configurable at some point like what owners can do across the platform um have a page where it's like. Here's a check box and, like you just say that uh you know owners should be able to do this thing, and this thing and this thing so the way that we see this going forward is that our permissions will be like based on like three tiers.

A

So you have this rules, you still have access, or uh you still have like data policies, and then um you know we can also have this additional system to manage what owners can do.